1. Field of the Invention
The present invention relates to various methods for encrypting signals in a wireless access system.
2. Discussion of the Related Art
A security sublayer used for a broadband wireless access system will be described in brief.
A security service provides confidentiality (secrecy) and integrity for network data. In data and network security, integrity means that specific information can be accessed or modified only by an authorized user; in particular, integrity ensures that a message cannot be arbitrarily modified by a third party. Confidentiality means that specific information is disclosed only to authorized persons; that is, confidentiality fully protects the contents of transferred data so that an unauthorized person cannot access them.
The security sublayer provides security, authentication, and confidentiality in a broadband wireless network. The security sublayer may apply an encryption function to Medium Access Control Protocol Data Units (MAC PDUs) transmitted between a Mobile Station (MS) and a Base Station (BS). The BS and the MS can therefore provide a strong defense against service theft by an unauthorized user.
The BS encrypts service flows across the network to protect the data transfer service from unauthorized access. The security sublayer has the BS distribute key-related information to an MS using a key management protocol with an authenticated client/server structure. In doing so, the BS may further reinforce the basic security mechanism by adding digital-certificate-based MS device authentication to the key management protocol.
During the basic capabilities negotiation between the BS and the MS, if the MS does not provide the security function, the authentication and key exchange procedures are not performed. Moreover, even though the MS is registered as not supporting an authentication function, the BS may consider the authority of the MS to have been verified. If the MS does not support the security function, no service is provided to the MS; hence, neither the key exchange nor the data encryption function is performed.
The security sublayer includes an encapsulation protocol and a Privacy Key Management (PKM) protocol. The encapsulation protocol is designed to secure packet data in the broadband wireless network: it provides a set of cryptographic suites, such as data encryption and data authentication algorithms, together with a method for applying those algorithms to a MAC PDU payload. The PKM protocol provides a method for safely distributing key-relevant data from the BS to the MS. Using the PKM protocol, the BS and the MS share the key-relevant data, and the BS controls network access.
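As an added illustration of what the encapsulation protocol's cryptographic suite does to a MAC PDU payload (this is example code written for this page, not the patent's method or the standard's exact suite), the following Go program applies one authenticated-encryption algorithm, AES-GCM, to a constructed, simplified PDU: the payload is encrypted (confidentiality) and the header and payload are both authenticated (integrity), so a third party's modification of a single bit is detected by the receiver. The PDU layout, the header bytes, the packet-number nonce scheme and the traffic key are assumptions made for the example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
)

// Constructed, simplified MAC PDU (not the standard's exact layout).
type pdu struct {
	Header  []byte // stays readable for forwarding: authenticated, not encrypted
	Payload []byte // on the wire: ciphertext followed by the authentication tag
	Nonce   []byte // derived from a per-PDU packet number, never reused per key
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key: a traffic key distributed by PKM
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// protect is the sender side (BS or MS): one AEAD call encrypts the payload
// (confidentiality) and authenticates header+payload (integrity).
func protect(key, header, plaintext []byte, pn uint32) (*pdu, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // 12 bytes for GCM
	binary.BigEndian.PutUint32(nonce[8:], pn)
	ct := aead.Seal(nil, nonce, plaintext, header) // header = associated data
	return &pdu{Header: header, Payload: ct, Nonce: nonce}, nil
}

// unprotect is the receiver side: if any byte of header or payload was altered
// in transit, or the key is wrong, the tag check fails and nothing is released.
func unprotect(key []byte, p *pdu) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, p.Nonce, p.Payload, p.Header)
	if err != nil {
		return nil, errors.New("integrity check failed: PDU modified or wrong key")
	}
	return pt, nil
}
```

A receiver that skips the tag check (decrypting with a non-authenticated mode) would give confidentiality only; the integrity property the text describes comes specifically from rejecting any PDU whose tag does not verify.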